President's plan insufficient to rein in NSA, privacy advocates say

President Barack Obama's plan to stop the National Security Agency's bulk collection and storage of telephone records is a good first step that needs to go much further to protect Americans' privacy rights, advocates say.

Obama unveiled his plans Thursday, saying in a statement, "I have decided that the best path forward is that the government should not collect or hold this data in bulk."

The president went on to say that his plan would keep the data with telephone companies, which would store it for the same length of time as they do currently. The government would need a court order to access the data, except in "an emergency situation," which was not defined.

The administration would need congressional approval to go forward with its plans. A group of lawmakers introduced a bipartisan bill this week that would end bulk collection of telephone, email and Internet metadata. Other bills are pending in Congress.

Privacy advocates said Obama's plan was an improvement over having the NSA collect and store data, but fell short of protecting the privacy of Americans.

"The presidents plan is a major step in the right direction and a victory for privacy. But this must be the beginning of surveillance reform, not the end," Anthony D. Romero, executive director of the American Civil Liberties Union, said in a statement.

Marc Rotenberg, executive director for the Electronic Privacy Information Center, objected to Obama's decision to extend the NSA's current data gathering for 90 days to give Congress time to act.

"We believe the president should simply not renew the current NSA telephone record collection authority when it expires (March 28)," he told CSOonline.

Rebecca Herold, a privacy consultant and author of the blog Privacy Professor, said Obama did not address a number of important issues, such as the establishment of a specific position responsible for safeguarding collected data.

Other missing elements included requiring the NSA to undergo annual privacy impact assessments, like other government agencies. In addition, the agency should submit to independent annual audits of its data repositories and data protection practices.

"Quite frankly, I do not believe the NSA limits their retention of the records they've collected to the indicated 5 years, despite the requirement," Herold said.

"Their continuously increasing storage facilities indicate they are accumulating data, not getting rid of any. Lets have an independent audit to prove otherwise."

Instead of Obama's plan, advocates favored passage of the USA Freedom Act, which requires, in part, the government to filter and discard information collected on Americans accidentally and establishes an Office of the Special Advocate (OSA). The office would represent privacy interests before the closed court responsible for approving NSA data requests under the Foreign Intelligence Surveillance Act.

"USA Freedom is more comprehensive and it's essential that it pass to fix much of what is wrong with domestic surveillance," Jennifer Granick, director of civil liberties at the Center for Internet and Society at Stanford Law School.

The NSA's gathering of massive amounts of data, ranging from telephone records and email to Internet activities, came to light as the result of documents handed to the media by former NSA contractor Edward Snowden.

The extent of NSA activity as part of its anti-terrorism program has angered foreign governments, including those friendly to the U.S., and has hurt overseas sales of U.S. technology companies.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security Agencysecurity

More about Electronic Privacy Information CenterNational Security AgencyNSAOSAStanford Law School

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts